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DETAILED ACTION 
Claim Rejections - 35 USC §112 

1 . The following is a quotation of the second paragraph of 35 U.S.C. 1 1 2: 

The specification sliall conclude witli one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claims 1-9 and 12-18 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claim 1, lines 11-14 recite: "if the accessing ICP passed the verification, its 
access is permitted, otherwise the access is not permitted; wherein the ICP is permitted 
to access the user-login-identification means only if it is authenticated." 

It is unclear as to what "it" refers to; the claim limitation "it" could refer to the 
accessing ICP being allowed to access credentials on the user-login-identification 
means or the authenticated user-login-identification means. 

For the sake of examination, the Examiner has interpreted "it" to mean the user- 
login-identification means. 

Claim 12 recites: "information transmission between the computer and the user- 
login-identification means should be processed with encryption or decryption." The 
claim language fails to specifically identify the meets and bounds of the claim. 

Claim 15 recites: "the user-login-identification means can be." The claim 
language fails to specifically identify the meets and bounds of the claim. 

Claim 16 recites: "the portable memory card-reader means can be." The claim 
language fails to specifically identify the meets and bounds of the claim. 



Claim 17 recites: "tlie user-login-identification means is a computer peripheral, 
such as." The phrase "such as" renders the claim indefinite because it is unclear 
whether the limitations following the phrase are part of the claimed invention. See 
MPEP§ 2173.05(d). 

Any claim not specifically addressed above is being rejected as incorporating the 
deficiencies of a claim upon which it depends. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1 and 3-9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi, in view of 
Gupta et al. (U.S. Pat Pub 2001/0037469 Al), hereinafter referred to as Gupta. 

Re claim 1 : A method for centralizing administration of user registration 
information across networks (Abstract: lines 1-3), characterized by: 

including at least an Internet Content Provider (ICP) [single sign-on module] and 
a user-login-identification means [Fig 13, elt 17: smart-card] which can access an online 
terminal [mobile phone/laptop] (Abstract: lines 1-3; page 6, lines 4-10); 

wherein the ICP adds an interface module in a login web page (page 6, lines 11- 
14; page 17, lines 5-7) and accesses the user-login-identification means [smart-card] 
via the interface module (page 6, lines 19-22), and the ICP also provides an 
administration/drive module monitoring access of the user-login-identification means to 



set up a connection and hang up the connection for the user-login-identification means 
in the login web page (page 6, lines 19-26); 

the user-login-identification means is provided with an ID number (page 8, lines 
8-11; page 22, lines 19-21), and user's login identification information is stored in the 
user-login-identification means (page 6, lines 24-26; page 12, lines 15-16); 

ICP access authentication information is stored in the user-login-identification 
means to verify whether the accessing ICP is authorized to access (page 6, lines 19- 
26); 

if the accessing ICP passed the verification, its access is permitted, otherwise the 
access is not permitted (page 12, lines 4-14); 

wherein the ICP is permitted to access the user-login-identification means only if 
it is authenticated , when the user-login-identification means is activated (page 12, lines 
15-27) (see also page 13, lines 3-12 and lines 16-26). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the Ferchichi reference to utilize a combination of 
authentication schemes (i.e. a combination of Auth1,...,Auth9), as shown in figure 13, 
element 17, for the purpose of providing a more secure single-sign-on system while 
using a security token. 

Gupta teaches authenticating comprises, obtaining an authentication file [cookie] 
via the interface module, transmitting the authentication file to the administration/drive 
module (1|35), decrypting the authentication file by the administration/drive module, and 
accessing the user-login-identification means (1|74, 1|86). 



It would have been obvious to one of ordinary skill In the art at the time the 
invention was made to have modified the teachings of Ferdchichi with the teachings of 
Gupta, to securely transmit an authentication file for the verifying authority for the 
purposes of validating the client and verifying document parameters associated with the 
client. One would have also have been motivated to securely transmit the file for the 
purposes of preventing man-in-the-middle attacks. 

Re claim 3 : The combination of Ferchichi and Gupta teaches the ICR accessing 
the user-login-identification means includes checking the user ID identification 
information stored in the user-login-identification means, or generating the user ID 
identification information in the user-login-identification means (Ferchichi: page 6, lines 
24-27 and page 11, lines 19-22). 

Re claim 4 : The combination of Ferchichi and Gupta teaches the ICR reads the 
information stored in the user-login-identification means, and if login identification 
information is obtained, the interface module returns the login identification information 
to the ICR web page and determines whether a login-submit or an automatic submit & 
login should be performed according to user's setup; if the login identification 
information is not obtained, the interface module informs the web page that the login 
identification information is not available and stores the generated login identification 
information in the user-login-identification means (Gupta: 1|73, 1|77). 

Re claim 5 : The combination of Ferchichi and Gupta teaches an ICR web page is 
provided with a registration information window (Gupta: 1|73); the ICR invokes 
parameters of the interface module and simultaneously saves several sets of 
registration information of a same web page or saves the last set of registration 



information in tlie user-log in-identification means (Gupta: ^74, lines 16-28; ^78, lines 
14-21), and the registration information can also be displayed on the ICP web page 
(Gupta: 1|36, lines 14-16) 

Re claim 6 : The combination of Ferchichi and Gupta teaches an ICP web page is 
provided with a registration information window (Gupta: 1|73); the ICP accesses the 
user-login-identification means via the interface module (page 6, lines 19-22) and 
verifies the login identification information provided by the ICP web page (Ferchichi: Fig 
3, elts 302, 304 & 316; 1|79 and 1|81), and stores new login identification information in 
the user-login-identification means to overwrite original login identification information 
(Ferchichi: page 45, claim 39 teaches replacing a secret on the smart-card), and 
transfers relating information to the ICP web page (Gupta: 1|77); the information is 
displayed on the web page after being obtained (Gupta: 1|77). 

Re claim 7 : The combination of Ferchichi and Gupta teaches the ICP web page 
is provided with a plurality of window links of the registration information (Gupta: 1|73); 
the ICP reads the user-login-identification information stored in the user-login- 
identification means and verifies the login identification information provided by the ICP 
web page; if positive, the login identification information is directly read out and the 
relating information is transferred to the ICP web page (Gupta: ^73, ^77); the 
information is displayed on the web page after being obtained (Gupta: 1|77). if 
verification appears negative, the login identification information is stored in the user- 
login-identification means (Ferchichi and Gupta teach that if credentials provided by a 
combination of the user or the smart-card are invalid, access is denied; ergo, the user- 
login-identification means is unaltered.) 



Re claim 8 : The combination of Ferchichi and Gupta furtiier teaclies a login 
verification serving party for implementing prior authentication to the ICP and obtaining 
guide information of the user-login-identification means (Gupta: Fig 3, elt 304; prior to 
authorizing the client session, see steps 310 and 316 of Fig 3, elt 304, a prior 
authentication method, is preformed). 

Re claim 9 : The combination of Ferchichi and Gupta further teaches the ICP is 
connected with a login verification serving party [Gupta: Fig 2, elt 204] which transmits a 
code for accessing the user-login-identification means to the ICP, and the ICP adds the 
login identification information in the login web page according to the code, and the 
interface module transmits the ICP information to the login verification serving party for 
verification; if the ICP information passed the verification, the ICP is permitted to access 
the user-login-identification means, wherein the user activates the user-login- 
identification means by using a password, and then the ICP accesses the login 
verification serving party for an authentication via the interface module; if the 
authentication is valid, the ICP can operate the user-login-identification means via the 
interface module and the actuating password used by the user is provided by the login 
verification serving party or preset in the means (Ferchichi: page 6, lines 1 1-26 and 
Gupta: 1|73, ^77); the encryption files of the ICPs transmitted by the login verification 
serving party are different from each other (Ferchichi: page 8, lines 20-24 and Gupta: 
1186). 

5. Claims 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi and Gupta et al. 



(U.S. Pat Pub 2001/0037469 A1), hereinafter referred to as Gupta, as applied to claim 
1 , in further view of Wu, Wei-Je (TW 480435), hereinafter referred to as Wu. 

Re claim 2 : The combination of Ferchichi and Gupta teaches all the limitations of 
claim 1 as previously discussed and further teach the administration/drive module can 
also automatically log in, in the case that the ICP accesses the user-login-identification 
means via the interface module and verifies the identification information. 

However, Wu teaches the administration/drive module can also lead in and/or 
lead out data stored in the user-login-identification means so as to backup the data 
(Abstract). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of Ferchichi and Gupta with the 
teachings of Wu for the purpose of securing content stored on an original smart in the 
event that it is lost, damaged or becomes inaccessible to the user. 

6. Claims 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi, in view of Wu, 
Wei-Je (TW 480435), hereinafter referred to as Wu. 

Re claim 10 : Ferchichi teaches a system for realizing the method for centralizing 
administration of user registration information across networks (page 1, lines 1-5), 
characterized by, comprising a computer [Fig 1, elt 10: user; Fig 15, elts 207 & 209: 
mobile users], Intemet networks [page 6, lines 1—13; page 19, line 15], an ICP [Fig 1, 
elt 13: single sign-on module] and a user-login-identification means [Fig 1, elt 17: smart- 
card], wherein the computer can log in the Intemet networks to communicate with 



different ICRs (Fig 13, elts 162-169: authentication servers; page 16, lines 15-24); tlie 
user-login-identification means is capable of accessing the computer from outside (page 

6, lines 19-22) and has at least an identification number (page 8, lines 8-1 1 ; page 22, 
lines 19-21) the user-login-identification means performs the information transmission 
by operating the computer (page 8, lines 20-24). 

However, Wu teaches the user-login-identification means is capable of 
encryption storage space (Abstract). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the Ferchichi reference user-login-identification 
means to incorporate an encrypted storage space, as taught by Wu, for the purpose of 
securing secret data on the card without revealing the content to the holder of the user- 
login-identification means. 

7. Claims 11-18 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi and Wu, Wei-Je 
(TW 480435), hereinafter referred to as Wu, as applied to claim 10, in further view of 
Gupta et al. (U.S. Pat Pub 2001/0037469 Al), hereinafter referred to as Gupta. 

Re claim 1 1 : Ferchichi in view of Wu teach all the limitations of claim 10 as 
previously stated. 

However, Gupta teaches the ICP is connected with a login verification serving 
party [Fig 2, elt 204] which transmits a code for accessing the user-login-identification 
means to the ICP, and the ICP adds the login identification information in the login web 
page according to the code, and the interface module transmits the ICP information to 



the login verification serving party for verification {^73, 1|77); if tine verification is valid, 
the ICP is permitted to access the user-login-identification means, and the login 
verification serving party is a server (1|73, 1|77; Fig 2, elt 204). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of the Ferchichi and Wu references 
with the teachings of the Gupta reference for the purpose of providing a remote sso 
authentication means via a smart-card using a web-page applet. 

Re claim 12 : The combination of Ferchichi, Wu and Gupta teaches information 
transmission between the computer and the user-login-identification means should be 
processed with encryption or decryption (Ferchichi: Table on pages 14-15); the 
encryption includes protecting an encryption area by using the user's PIN code or 
utilizing RSA 512PKI key management encryption method (Ferchichi: Table on pages 
14-15). 

Re claim 13 : The combination of Ferchichi, Wu and Gupta teaches the user- 
login-identification means is also provided with a storage region for storing the 
information of the ICP itself (Ferchichi: page 3, lines 1-2). 

Re claim 14 : The combination of Ferchichi, Wu and Gupta teaches the user- 
login-identification means is an external and portable memory means with a standard 
data interface, or a card-reader means or an ID identifying means thereof (Ferchichi: 
(page 8, lines 8-1 1 ; page 1 1 , lines 23-26; page 22, lines 1 9-21 ). 

Re claim 15 : The combination of Ferchichi, Wu and Gupta teaches the user- 
login-identification means can be a USB storage device, a CF card, a MMC card, a SD 



card, a SMC card, an IBM Micro Drive card, a flash storage module or an IC card 
(Fercliiclii: Abstract; page 1, lines 1-2). 

Re claim 16 : The combination of Ferchichi, Wu and Gupta teaches the portable 
memory card-reader means can be a CP card processor, a MMC card processor, a SD 
card processor, a SMC card processor, an IBM Micro Drive card processor or an 10 
card processor (Ferchichi: page 19, lines 6-14; page 33, lines 9-12). 

Re claim 17 : The combination of Ferchichi, Wu and Gupta teaches the user- 
login-identification means is a computer peripheral, such as a keyboard, a mouse, a 
handwriting board or sound boxes (Ferchichi: Abstract: lines 1-3; page 19, lines 6-14). 

Re claim 18 : The combination of Ferchichi, Wu and Gupta teaches the user- 
login-identification means is a portable PDA, a music player or an electrical dictionary 
(Ferchichi: Abstract: lines 1-3; page 19, lines 6-14). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARREN SCHWARTZ whose telephone number is 
(571)270-3850. The examiner can normally be reached on 8am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571)272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Examiner, Art Unit 2135 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



